From 9467cacb1c3020e2a7ddd60b40dfbbf5a1733785 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Mon, 14 May 2018 15:31:14 +0200
Subject: executor: protect most of kcov region

We only write to the first page of kcov region. Protect the rest from the fuzzer.
---
 executor/executor_linux.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'executor/executor_linux.cc')

diff --git a/executor/executor_linux.cc b/executor/executor_linux.cc
index 4b88946dd..2df74250c 100644
--- a/executor/executor_linux.cc
+++ b/executor/executor_linux.cc
@@ -144,11 +144,13 @@ void cover_open()
 if (ioctl(th->cover_fd, kcov_init_trace, kCoverSize))
 fail("cover init trace write failed");
 size_t mmap_alloc_size = kCoverSize * (is_kernel_64_bit ? 8 : 4);
- th->cover_data = (char*)mmap(NULL, mmap_alloc_size,
- PROT_READ | PROT_WRITE, MAP_SHARED, th->cover_fd, 0);
+ th->cover_data = (char*)mmap(NULL, mmap_alloc_size, PROT_READ, MAP_SHARED, th->cover_fd, 0);
 th->cover_end = th->cover_data + mmap_alloc_size;
 if (th->cover_data == MAP_FAILED)
 fail("cover mmap failed");
+ // We only write to the first page, so protect the rest from fuzzer.
+ if (mprotect(th->cover_data, SYZ_PAGE_SIZE, PROT_READ | PROT_WRITE))
+ fail("cover mprotect failed");
 }
 }
-- 
cgit mrf-deployment
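Review bot: The page that the added `mprotect(th->cover_data, SYZ_PAGE_SIZE, PROT_READ | PROT_WRITE)` leaves writable is the one the reader depends on most, because in the kcov buffer layout the first word is the count of recorded PCs, so a stray write from the program under test can still alter it. The code that consumes the buffer is outside this hunk, so it is worth confirming that it range-checks that count against `kCoverSize` before walking the entries. The comment could also state the limits of the protection, since the fuzzed program presumably shares this address space and could re-protect or remap the region itself: `// Best-effort: only the first page (holding the PC count) stays writable; the count must still be range-checked on read.` cover_open's body starts before the hunk.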